> Any system is only as secure as it's programmed and its
> server shored up. Granted, if you're doing business on the
> web in a manner that you're going to store credit cards,
> then you better be able to afford to protect them, whether
> it's PGP or other. My point is that PGP is not the end all
> for storing credit cards. You CAN build other systems. Face
> it, depending on the ability of the hacker, they can get at
> the cards, no matter where they are. One big problem is when
> folks put the numbers in databases that are in their web
> directories. Amazingly, even a short time ago, several high
> profile sites were storing credit card numbers in databases
> that were downloadable with a URL. Never put your database
> (Access) in a web accessible directory.

All of this is true enough. My point was simply that using a single-key system as simple as the one you proposed is not nearly as secure as using a publicly tested, well-known encryption algorithm, ideally a public-private key system. Of course, even with that, you have to secure the keys well.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: (202) 797-5496

